On 5th November the Microsoft zero-day Vulnerability was reported by McAfee Labs senior security researcher Haifei Li. The bug affects a range of products including Lync clients. Microsoft have been informed of on-going targeted attacks mostly in the Middle East and South Asia that have Exploited this flaw.
| Microsoft $100,000 Bug Reward |
Lync products affected include:
Lync 2010 x86, x64
Lync 2010 Attendee
Lync 2013 x86, x64
Lync Basic 2013 x86, x64
Office 365 is not affected by the exploit.
Microsoft have released a temporary patch to block rendering of the TIFF format using the registry mod below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1
Microsoft advise installing Emet (the Enhanced Mitigation Experience Toolkit) that is able to mitigate this exploit in advance when any of the following mitigations are enabled for Office binaries:
Multiple ROP mitigations (StackPointer, Caller, SimExec, MemProt) available in EMET 4.0
Other mitigations (MandatoryASLR, EAF, HeapSpray ) included in EMET 3.0 and 4.0
EMET can be deployed via group policy or SCCM for blanket coverage of all vulnerable clients.
